Users
A user with ContainerAccess rights can manage users.
Tip
As with any platform, we advise adhering to the principle of least privilege.
Authentication
We support user authentication using one of these cloud identities:
- Microsoft account (this can be a work or personal account)
- Google account (this can be a personal or Google workspace account)
Note
Users can only be added to our platform if they are "known" to us. A user must therefore first authenticate once on our platform; from then on, the user can be added to a container.
Authorization
A user's identity can be authorized on a container using specific permissions.
Note
Also note that a user with ContainerAccess rights can never assign more permissions than those assigned to this user.
How-to
Add user
You can only add a user to a container if the user is "known" in InfraSonar, so a new user needs to log on using a Microsoft or Google account prior to being granted access.
Users can be added using the email address they used to authenticate with.
Access permissions for regular users
We suggest the following set of access permissions for regular users:
Optionally we suggest adding:
- AlertAssign as this allows the user to assign alerts to users.
- ReportingView, access to reports can help users to get a better understanding.
- RuleEmail, allowing users to set up email rules for themselves can be beneficial.
Permissions
Dashboard only access
When no flags are set, the specified user has dashboard access only.
We have listed each of the specific InfraSonar permission flags below:
Is member
Allows alerts to be assigned to this user, makes the user "visible" for alert assignment.
View
Required for viewing this container.
Billing
Required for viewing the credits tab on this container
(only when credits are available on the container).
InsertCheckData
Required for inserting data using the API (used by agents).
AgentcoreConnect
Required for AgentCores to connect to the hub.
AssetManagement
- Required for changing the container mode (and/or schedule container mode);
- Required for changing the asset mode (and/or schedule asset mode);
- Required for creating new assets;
- Required for removing assets (including delete from trash);
- Required for changing asset configuration (including labels and collector related configuration).
AlertAssign
- Required for assigning alerts.
AlertChange
- Required for closing alerts;
- Required for adding comments to alerts.
API
Required for any API request.
ContainerManagement
- Required for adding child containers to this container;
- Required for removing this container;
- Required for renaming this container.
ContainerAdmin
- Required for creating/changing/removing labels within this container;
- Required for creating/changing/removing conditions within this container.
ContainerAccess
- Required for managing user access to this container;
- Required for managing tokens on this container.
CheckManagement
Required for enabling/disabling/configuring checks per collector on assets.
TimeSeriesManagement
Required for enabling/disabling time-series for this container.
RuleManagement
Required for managing all rules on this container.
(including rules for webhooks and rules for other users)
RuleEmail
Required for creating a personal email rule on this container.
PurgeTimeSeries
Required for purging dead-time-series within this container.
ViewLog
Required for viewing logging.
ReportingView
Required for viewing reports.
ReportingAdmin
Required for managing reports.
ContainerTokens
Required for managing container tokens.
RulePhone
Required for creating a personal phone rule like SMS, PhoneCall or WhatsApp on this container.
Webhooks
Required for managing and viewing Webhooks.
Be careful with this privilege as webhooks might contain sensitive information like API keys.
(This auth flag is not required for creating rules using webhooks)
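The following is an added example, not InfraSonar code: a local model for reviewing planned grants against the rule in the Authorization note (a user with ContainerAccess can never assign more permissions than they hold) and for listing who holds flags such as Webhooks. Flag names are taken from this page; the function names, the data layout and the choice of which flags count as sensitive are assumptions of the example.

```python
# Added illustration: a local model of the delegation rule, not InfraSonar code.
# Flag names come from the page; everything else here is an assumption.

# Flags that control access, tokens or webhook secrets (selection is an assumption).
SENSITIVE = {"ContainerAccess", "ContainerTokens", "Webhooks"}


def check_grant(grantor_flags, requested_flags):
    """Return (allowed, excess) for a grant made by a user holding grantor_flags.

    Allowed only if the grantor holds ContainerAccess and every requested
    flag is already held by the grantor (no privilege escalation).
    """
    grantor, requested = set(grantor_flags), set(requested_flags)
    excess = requested - grantor
    allowed = "ContainerAccess" in grantor and not excess
    return allowed, sorted(excess)


def review(assignments):
    """Map each user to the sensitive flags they hold, omitting users with none."""
    findings = {}
    for user, flags in assignments.items():
        held = sorted(SENSITIVE & set(flags))
        if held:
            findings[user] = held
    return findings


# Constructed sample data (not exported from a real container).
ASSIGNMENTS = {
    "admin@example.com": ["View", "API", "ContainerAccess", "AlertAssign", "AlertChange"],
    "ops@example.com": ["View", "AlertAssign", "Webhooks"],
    "viewer@example.com": [],  # no flags set: dashboard access only
}

if __name__ == "__main__":
    admin = ASSIGNMENTS["admin@example.com"]
    print(check_grant(admin, ["View", "AlertAssign"]))            # within admin's own flags
    print(check_grant(admin, ["View", "Webhooks"]))               # admin lacks Webhooks
    print(check_grant(ASSIGNMENTS["ops@example.com"], ["View"]))  # no ContainerAccess
    print(review(ASSIGNMENTS))
```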